Null Pointer Dereference Vulnerability in Linux Kernel Media Component
CVE-2023-54314
Currently unrated
What is CVE-2023-54314?
A vulnerability in the Linux kernel's media subsystem lets a user-controlled message pass the existing checks and reach the af9005_i2c_xfer function, where it can cause a null pointer dereference. When the user's message buffer is null and the length is zero, the validation does not reject the message, and the resulting access to the buffer can crash the system. The fix adds a check that the length is valid before the buffer is accessed.
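The length check described above, modeled in user-space C as an added example (it is not the kernel's code or the actual patch). The struct `xfer_msg`, the functions `xfer_validate` and `xfer_first_reg`, and the `-EINVAL` return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a caller-supplied transfer message. */
struct xfer_msg {
    uint16_t len;  /* length claimed by the caller */
    uint8_t *buf;  /* caller-supplied buffer; may be NULL when len is 0 */
};

/* Reject any message whose first byte cannot be read safely.
 * Checking len as well as buf matters: a NULL buffer paired with
 * len == 0 is the case the advisory says slipped through. */
int xfer_validate(const struct xfer_msg *msgs, int num)
{
    if (msgs == NULL || num <= 0)
        return -EINVAL;
    for (int i = 0; i < num; i++) {
        if (msgs[i].len < 1 || msgs[i].buf == NULL)
            return -EINVAL;  /* error code chosen for this example */
    }
    return 0;
}

/* Return the first byte of the first message, or a negative errno.
 * buf[0] is only touched after every message has been validated. */
int xfer_first_reg(const struct xfer_msg *msgs, int num)
{
    int ret = xfer_validate(msgs, num);
    if (ret < 0)
        return ret;
    return msgs[0].buf[0];
}

int main(void)
{
    uint8_t data[2] = { 0x42, 0x01 };            /* constructed sample input */
    struct xfer_msg ok = { .len = 2, .buf = data };
    struct xfer_msg empty = { .len = 0, .buf = NULL };

    printf("valid message -> %d\n", xfer_first_reg(&ok, 1));
    printf("null/zero message -> %d\n", xfer_first_reg(&empty, 1));
    return 0;
}
```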
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 98c12abb275b75a98ff62de9466d21e4daa98536
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 63d962ac7a52c0ff4cd09af2e284dce5e5955dfe
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 0c02eb70b1dd4ae9bb304ce6cdadbc6faba2b2e9